The new ICO guidance, which is supplemented by information as to the nature of the notice of breach that the ICO would like to achieve, was published on 1 April.
The ICO states that ‘organisations which process personal data must take appropriate measures against unauthorised or unlawful processing and against accidental loss, destruction of or damage to personal data. Many organisations take the view that one of those measures might be the adoption of a policy on dealing with a data security breach. The guidance highlights the importance of organisations reporting breaches to the ICO, especially where large volumes of information or sensitive data are involved, that could cause harm to the individuals affected.
The guidance can be found at http://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/guidance_on_data_security_breach_management.pdf
